CVSSv3 June 2022

Timeline

Analyzing the timeline helps to identify the approach and handling required for single vulnerabilities and for vulnerability collections. The overview shows less important slices and more severe hotspots at a glance, which makes it possible to initiate immediate vulnerability response and to prioritize issues.

C3BM Index

Our unique C3BM Index (CVSSv3 Base Meta Index) accumulates the CVSSv3 Meta Base Scores of all entries over time. Comparing this index to the number of disclosed vulnerabilities helps to pinpoint the most important events.

CVSSv3 Base

≤1: 0
≤2: 5
≤3: 55
≤4: 284
≤5: 357
≤6: 440
≤7: 588
≤8: 202
≤9: 109
≤10: 32

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources and aggregates them into the most reliable result.

CVSSv3 Temp

≤1: 0
≤2: 6
≤3: 60
≤4: 295
≤5: 355
≤6: 497
≤7: 560
≤8: 199
≤9: 69
≤10: 31

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

≤1: 0
≤2: 9
≤3: 96
≤4: 437
≤5: 328
≤6: 413
≤7: 535
≤8: 154
≤9: 67
≤10: 33

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

≤1: 0
≤2: 0
≤3: 2
≤4: 5
≤5: 45
≤6: 68
≤7: 73
≤8: 77
≤9: 38
≤10: 61

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

≤1: 0
≤2: 3
≤3: 16
≤4: 33
≤5: 52
≤6: 114
≤7: 101
≤8: 211
≤9: 104
≤10: 71

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

≤1: 0
≤2: 0
≤3: 0
≤4: 0
≤5: 0
≤6: 8
≤7: 3
≤8: 31
≤9: 12
≤10: 1

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

≤1: 0
≤2: 0
≤3: 0
≤4: 0
≤5: 0
≤6: 0
≤7: 0
≤8: 1
≤9: 0
≤10: 0

Security researchers sometimes also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| Published | Base | VDB | NVD | CNA | Vendor | Research | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 06/30/2022 | 7.9 | 7.1 | | 8.3 | 8.3 | | Microsoft Edge privileges management | 0.05 | CVE-2022-33680 |
| 06/30/2022 | 8.0 | 6.3 | 9.8 | | | | EyesOfNetwork Options Configuration sendmail Privilege Escalation | 0.03 | CVE-2021-40643 |
| 06/30/2022 | 6.4 | 6.3 | 6.5 | | | | Atlassian Jira Server/Jira Data Center Mobile Plugin server-side request forgery | 0.05 | CVE-2022-26135 |
| 06/30/2022 | 4.7 | 4.7 | | 4.7 | | | Online Hotel Booking System Room edit_room_cat.php sql injection | 0.05 | CVE-2022-2263 |
| 06/30/2022 | 4.7 | 4.7 | | 4.7 | | | Online Hotel Booking System Room edit_all_room.php sql injection | 0.03 | CVE-2022-2262 |
| 06/30/2022 | 6.6 | 6.6 | | | | | Omron SYSMAC CS1 signature verification | 0.00 | CVE-2022-31206 |
| 06/30/2022 | 4.4 | 4.4 | | | | | Omron SYSMAC CS1 data authenticity | 0.07 | CVE-2022-31207 |
| 06/30/2022 | 2.7 | 2.7 | | | | | Omron SYSMAC CS1 CP1W-CIF41 Ethernet Option Board credentials storage | 0.04 | CVE-2022-31205 |
| 06/30/2022 | 3.7 | 3.7 | | | | | Omron SYSMAC CS1 cleartext transmission | 0.04 | CVE-2022-31204 |
| 06/30/2022 | 7.6 | 5.5 | 9.8 | | | | Das U-Boot i2c md Command do_i2c_md stack-based overflow | 0.03 | CVE-2022-34835 |
| 06/30/2022 | 8.0 | 6.3 | 9.8 | | | | Edimax IC-3140W hard-coded credentials | 0.04 | CVE-2021-40597 |
| 06/30/2022 | 4.6 | 2.4 | 6.8 | | | | Joy Wolf E-Bike Key Fob Request denial of service | 0.07 | CVE-2022-30467 |
| 06/30/2022 | 7.3 | 7.3 | | | | | Backdoor.Win32.EvilGoat.b Service Port 13014 hard-coded credentials | 0.03 | |
| 06/30/2022 | 7.3 | 7.3 | | | | | Backdoor.Win32.Cafeini.b Service Port 51966 hard-coded credentials | 0.03 | |
| 06/30/2022 | 7.3 | 7.3 | | | | | Backdoor.Win32.Coredoor.10.a Service Port 21000 improper authentication | 0.04 | |
| 06/29/2022 | 6.3 | 6.3 | | | | | Mozilla Firefox Internal URL Protection access control | 0.33 | CVE-2022-31746 |
| 06/29/2022 | 7.0 | 4.7 | 7.2 | 9.1 | | | grav code injection | 0.00 | CVE-2022-2073 |
| 06/29/2022 | 5.1 | 3.5 | 5.4 | 6.5 | | | Enalean Tuleap MyDocmanSearch Widget cross site scripting | 0.04 | CVE-2022-31063 |
| 06/29/2022 | 5.9 | 4.7 | | 7.2 | | | Enalean Tuleap Tracker Report sql injection | 0.06 | CVE-2022-31058 |
| 06/29/2022 | 4.3 | 4.3 | | 4.3 | | | Enalean Tuleap Project information disclosure | 0.08 | CVE-2022-31032 |
| 06/29/2022 | 6.0 | 5.3 | 7.5 | 5.3 | | | RSSHub resource consumption | 0.11 | CVE-2022-31110 |
| 06/29/2022 | 6.7 | 6.3 | 7.2 | | | | oretnom23 Online Railway Reservation System sql injection | 0.04 | CVE-2022-33061 |
| 06/29/2022 | 6.7 | 6.3 | 7.2 | | | | oretnom23 Online Railway Reservation System sql injection | 0.04 | CVE-2022-33060 |
| 06/29/2022 | 6.7 | 6.3 | 7.2 | | | | oretnom23 Online Railway Reservation System sql injection | 0.04 | CVE-2022-33059 |
| 06/29/2022 | 6.7 | 6.3 | 7.2 | | | | oretnom23 Online Railway Reservation System sql injection | 0.04 | CVE-2022-33058 |
| 06/29/2022 | 6.7 | 6.3 | 7.2 | | | | oretnom23 Online Railway Reservation System sql injection | 0.04 | CVE-2022-33057 |
| 06/29/2022 | 5.6 | 6.3 | 6.1 | 4.3 | | | microweber redirect | 0.04 | CVE-2022-2252 |
| 06/29/2022 | 5.5 | 4.3 | 6.1 | 6.1 | | | IBM Security Guardium Web UI cross site scripting | 0.07 | CVE-2021-39074 |
| 06/29/2022 | 6.7 | 6.3 | 7.2 | | | | oretnom23 Online Railway Reservation System view_details.php sql injection | 0.04 | CVE-2022-33042 |
| 06/29/2022 | 4.7 | 3.5 | 5.9 | | | | MetaMask BIP39 Mnemonic information disclosure | 0.05 | CVE-2022-32969 |
| 06/29/2022 | 5.5 | 4.9 | 6.1 | | | | ApiFest OAuth 2.0 Server URI redirect | 0.04 | CVE-2020-26877 |
| 06/29/2022 | 7.0 | 6.3 | 7.8 | | | | XLPD unquoted search path | 0.04 | CVE-2022-33035 |
| 06/29/2022 | 6.8 | 6.3 | 7.3 | | | | NoMachine permission | 0.04 | CVE-2022-34043 |
| 06/29/2022 | 6.6 | 5.5 | 7.8 | | | | Embarcadero Dev-CPP EXE File uncontrolled search path | 0.04 | CVE-2022-33037 |
| 06/29/2022 | 6.6 | 5.5 | 7.8 | | | | Embarcadero Dev-CPP EXE File uncontrolled search path | 0.04 | CVE-2022-33036 |
| 06/29/2022 | 6.5 | 5.5 | 7.5 | | | | CVA6 Multiplication Unit permission | 0.05 | CVE-2022-33023 |
| 06/29/2022 | 6.5 | 5.5 | 7.5 | | | | CVA6 memory corruption | 0.05 | CVE-2022-33021 |
| 06/29/2022 | 7.6 | 5.5 | 9.8 | | | | ThinkPHP AbstractCache.php deserialization | 0.00 | CVE-2022-33107 |
| 06/29/2022 | 4.0 | 3.7 | 4.3 | | | | Textpattern CMS txplib_misc.php missing secure attribute | 0.03 | CVE-2021-40642 |
| 06/29/2022 | 4.0 | 2.6 | 5.4 | | | | SilverStripe Framework cwp-core Module cross site scripting | 0.07 | CVE-2022-25238 |
| 06/29/2022 | 5.4 | 4.3 | 6.5 | | | | Marval MSM 2FA cross-site request forgery | 0.05 | CVE-2022-31886 |
| 06/29/2022 | 4.4 | 3.5 | 5.4 | | | | Admidio cross site scripting | 0.11 | CVE-2022-23896 |
| 06/29/2022 | 4.4 | 3.5 | 5.4 | | | | SilverStripe Framework XMLHttpRequest cross site scripting | 0.05 | CVE-2022-28803 |
| 06/29/2022 | 3.9 | 3.5 | 4.3 | | | | SilverStripe Assets cross site scripting | 0.07 | CVE-2022-29858 |
| 06/29/2022 | 4.8 | 3.5 | 6.1 | | | | wuzhicms cross site scripting | 0.03 | CVE-2020-19897 |
| 06/29/2022 | 4.2 | 3.7 | 5.3 | 3.7 | | | dompdf server-side request forgery | 0.00 | CVE-2022-0085 |
| 06/29/2022 | 4.8 | 3.5 | 6.1 | | | | SourceCodester Zoo Management System register_visitor cross site scripting | 0.04 | CVE-2022-31897 |
| 06/29/2022 | 5.5 | 4.9 | 6.1 | | | | Nagios XI Login redirect | 0.04 | CVE-2022-29272 |
| 06/29/2022 | 5.0 | 3.5 | 6.5 | | | | Nagios XI Downtime permission | 0.07 | CVE-2022-29271 |
| 06/29/2022 | 4.9 | 5.5 | 4.3 | | | | Nagios XI Email Address access control | 0.11 | CVE-2022-29270 |

2022 more entries are not shown
